“I am going to give every vulnerability that I have found a website, name, and a logo,” said David Jorm, IIX senior manager of product security and technology services, according to The Register.

The alternative grew out of his experiences requesting tracking numbers through the CVE vulnerability logging system. If the initial bug websites are any indication, the images offer much promise.

MITRE, the organization that manages the CVE system, responded to researchers' frequent complaints in March, announcing a pilot platform to speed its ability to issue CVE numbers. Although researchers called MITRE's prior system “manual and slow,” the pilot program was called off a day after it was announced. “As a result of your feedback, we will not move forward with a public announcement of the pilot plan, which we are putting on indefinite hold,” Joe Sain, CVE communications and adoption lead, wrote on the CVE discussion board.

Jorm's presentation description on the AusCERT website states that CVE is “fundamentally broken” and claims the organization has a “conflict of interest as a government-funded program.” The presentation summary continued: “A litany of failures of the CVE process will be detailed, along with inside information on the extent to which the process is governed by secret rules at the behest of large software companies *cough* Google *cough*.”
